def report_unavailable_room():
room_id_encoded = request.args.get("room_id")
time = request.args.get("time")
date_str = request.args.get("date")
date = datetime.date(*map(int, date_str.split('-')))
# 运营策略:报告获得他人认同可以加积分
if not room_id_encoded:
return generate_error_response(None,
api_helpers.STATUS_CODE_INVALID_REQUEST,
'missing room_id parameter')
if not time:
return generate_error_response(None,
api_helpers.STATUS_CODE_INVALID_REQUEST,
'missing time parameter')
if not date_str:
return generate_error_response(None,
api_helpers.STATUS_CODE_INVALID_REQUEST,
'missing date parameter')
try:
resource_type, room_id = decrypt(room_id_encoded,
resource_type=RTYPE_ROOM)
except ValueError:
return generate_error_response(None,
api_helpers.STATUS_CODE_INVALID_REQUEST,
'invalid room_id')
entity_service.report_unavailable_room(room_id, date, time, *get_ut_uid())
return generate_success_response(None)
def get_card(url_cid: str, url_semester: str):
"""课程查询"""
# decrypt identifier in URL
try:
_, card_id = decrypt(url_cid, resource_type='klass')
except ValueError:
return render_template("common/error.html", message=MSG_INVALID_IDENTIFIER)
# RPC to get card
try:
card = entity_service.get_card(url_semester, card_id)
except Exception as e:
return handle_exception_with_error_page(e)
day, time = lesson_string_to_tuple(card.lesson)
# cotc_id = COTeachingClass.get_id_by_card(card)
# course_review_doc = CourseReview.get_review(cotc_id)
return render_template('entity/card.html',
card=card,
card_day=get_day_chinese(day),
card_time=get_time_chinese(time),
# cotc_id=cotc_id,
# cotc_rating=course_review_doc["avg_rate"],
cotc_id=0,
cotc_rating=0,
current_semester=url_semester
)
def get_classroom(url_rid, url_semester):
"""教室查询"""
# decrypt identifier in URL
try:
_, room_id = decrypt(url_rid, resource_type='room')
except ValueError:
return render_template("common/error.html", message=MSG_INVALID_IDENTIFIER)
# todo 支持没有学期的room
# RPC to get classroom timetable
try:
room = entity_service.get_classroom_timetable(url_semester, room_id)
except Exception as e:
return handle_exception_with_error_page(e)
with tracer.trace('process_rpc_result'):
cards = defaultdict(list)
for card in room.cards:
day, time = lesson_string_to_tuple(card.lesson)
cards[(day, time)].append(card)
empty_5, empty_6, empty_sat, empty_sun = _empty_column_check(cards)
available_semesters = semester_calculate(url_semester, room.semesters)
return render_template('entity/room.html',
room=room,
cards=cards,
empty_sat=empty_sat,
empty_sun=empty_sun,
empty_6=empty_6,
empty_5=empty_5,
available_semesters=available_semesters,
current_semester=url_semester)
def apply_grant():
to_user_id_encoded = request.args.get('to_user_id')
if not to_user_id_encoded:
return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "mising to_user_id")
to_uid = decrypt(to_user_id_encoded, resource_type=RTYPE_STUDENT)[1]
user_service.new_grant_request(g.user_id, to_uid)
return generate_success_response(None)
def get_student(url_sid: str, url_semester: str):
"""学生查询"""
# decrypt identifier in URL
try:
_, student_id = decrypt(url_sid, resource_type='student')
except ValueError:
return render_template("common/error.html", message=MSG_INVALID_IDENTIFIER)
if url_semester == URL_EMPTY_SEMESTER:
try:
student = entity_service.get_student(student_id)
except Exception as e:
return handle_exception_with_error_page(e)
else:
# RPC 获得学生课表
try:
student = entity_service.get_student_timetable(student_id, url_semester)
except Exception as e:
return handle_exception_with_error_page(e)
# save sid_orig to session for verifying purpose
# must be placed before privacy level check. Otherwise a registered user could be redirected to register page.
session[SESSION_LAST_VIEWED_STUDENT] = StudentSession(sid_orig=student.student_id,
sid=student.student_id_encoded,
name=student.name)
# 权限检查,如果没有权限则返回
has_permission, return_val = check_permission(student)
if not has_permission:
return return_val
if url_semester != URL_EMPTY_SEMESTER:
with tracer.trace('process_rpc_result'):
cards: Dict[Tuple[int, int], List[Dict[str, str]]] = dict()
for card in student.cards:
day, time = lesson_string_to_tuple(card.lesson)
if (day, time) not in cards:
cards[(day, time)] = list()
cards[(day, time)].append(card)
empty_5, empty_6, empty_sat, empty_sun = _empty_column_check(cards)
available_semesters = semester_calculate(url_semester, sorted(student.semesters))
return render_template('entity/student.html',
have_semesters=True,
student=student,
cards=cards,
empty_sat=empty_sat,
empty_sun=empty_sun,
empty_6=empty_6,
empty_5=empty_5,
available_semesters=available_semesters,
current_semester=url_semester)
else:
# 无学期
return render_template('entity/student.html',
have_semesters=False,
student=student)
def android_client_get_ics(resource_type, identifier, semester):
"""
android client get a student or teacher's ics file
If the student does not have privacy mode, anyone can use student number to subscribe his calendar.
If the privacy mode is on and there is no HTTP basic authentication, return a 401(unauthorized)
status code and the Android client ask user for password to try again.
"""
# 检查 URL 参数
try:
res_type, res_id = decrypt(identifier)
except ValueError:
return "Invalid identifier", 400
if resource_type not in ('student',
'teacher') or resource_type != res_type:
return "Unknown resource type", 400
if resource_type == 'teacher':
try:
teacher = entity_service.get_teacher_timetable(res_id, semester)
except Exception as e:
return handle_exception_with_error_page(e)
cal_token = calendar_service.get_calendar_token(
resource_type=resource_type,
identifier=teacher.teacher_id,
semester=semester)
return redirect(
url_for('calendar.ics_download', calendar_token=cal_token))
else: # student
try:
student = entity_service.get_student_timetable(res_id, semester)
except Exception as e:
return handle_exception_with_error_page(e)
with tracer.trace('get_privacy_settings'):
privacy_level = user_service.get_privacy_level(student.student_id)
# get authorization from HTTP header and verify password if privacy is on
if privacy_level != 0:
if not request.authorization:
return "Unauthorized (privacy on)", 401
username, password = request.authorization
if not user_service.check_password(username, password):
return "Unauthorized (password wrong)", 401
if student.student_id != username:
return "Unauthorized (username mismatch)", 401
cal_token = calendar_service.get_calendar_token(
resource_type=resource_type,
identifier=student.student_id,
semester=semester)
return redirect(
url_for('calendar.ics_download', calendar_token=cal_token))
def get_teacher(url_tid, url_semester):
"""老师查询"""
# decrypt identifier in URL
try:
_, teacher_id = decrypt(url_tid, resource_type='teacher')
except ValueError:
return render_template("common/error.html", message=MSG_INVALID_IDENTIFIER)
if url_semester == URL_EMPTY_SEMESTER:
# RPC to get teacher timetable
try:
teacher = entity_service.get_teacher(teacher_id)
except Exception as e:
return handle_exception_with_error_page(e)
else:
# RPC to get teacher timetable
try:
teacher = entity_service.get_teacher_timetable(teacher_id, url_semester)
except Exception as e:
return handle_exception_with_error_page(e)
if url_semester != URL_EMPTY_SEMESTER:
with tracer.trace('process_rpc_result'):
cards = defaultdict(list)
for card in teacher.cards:
day, time = lesson_string_to_tuple(card.lesson)
if (day, time) not in cards:
cards[(day, time)] = list()
cards[(day, time)].append(card)
empty_5, empty_6, empty_sat, empty_sun = _empty_column_check(cards)
available_semesters = semester_calculate(url_semester, teacher.semesters)
return render_template('entity/teacher.html',
have_semesters=True,
teacher=teacher,
cards=cards,
empty_sat=empty_sat,
empty_sun=empty_sun,
empty_6=empty_6,
empty_5=empty_5,
available_semesters=available_semesters,
current_semester=url_semester)
else:
# 无学期
return render_template('entity/teacher.html',
have_semesters=False,
teacher=teacher)
def cal_page(url_res_type: str, url_res_identifier: str, url_semester: str):
"""课表导出页面视图函数"""
# 检查 URL 参数
try:
res_type, res_id = decrypt(url_res_identifier)
except ValueError:
return render_template("common/error.html",
message=MSG_INVALID_IDENTIFIER)
if url_res_type not in ('student', 'teacher') or url_res_type != res_type:
return render_template("common/error.html", message=MSG_400)
if url_res_type == 'student':
try:
student = entity_service.get_student_timetable(
res_id, url_semester)
except Exception as e:
return handle_exception_with_error_page(e)
# 权限检查,如果没有权限则返回
has_permission, return_val = check_permission(student)
if not has_permission:
return return_val
token = calendar_service.get_calendar_token(
resource_type=url_res_type,
identifier=student.student_id,
semester=url_semester)
else:
try:
teacher = entity_service.get_teacher_timetable(
res_id, url_semester)
except Exception as e:
return handle_exception_with_error_page(e)
token = calendar_service.get_calendar_token(
resource_type=url_res_type,
identifier=teacher.teacher_id,
semester=url_semester)
ics_url = url_for('calendar.ics_download',
calendar_token=token,
_external=True)
ics_webcal = ics_url.replace('https', 'webcal').replace('http', 'webcal')
return render_template('calendarSubscribe.html',
ics_url=ics_url,
ics_webcal=ics_webcal,
android_client_url=app.config['ANDROID_CLIENT_URL'])
def multi_people_schedule():
people_encoded = request.args.get('people')
date = request.args.get('date')
uid = get_logged_in_uid()
if not people_encoded:
return generate_error_response(None,
api_helpers.STATUS_CODE_INVALID_REQUEST,
'missing people parameter')
if not date:
return generate_error_response(None,
api_helpers.STATUS_CODE_INVALID_REQUEST,
'missing date parameter')
people_list = [decrypt(people)[1] for people in people_encoded.split(',')]
date = datetime.date(*map(int, date.split('-')))
schedule = entity_service.multi_people_schedule(people_list, date, uid)
return generate_success_response(schedule)
def get_calendar_token(id_sec: str, semester: str):
"""
:param id_sec: 加密后的学号或教工号
:param semester: 学期,如 2018-2019-1
错误码:
4000 请求无效
4003 无权访问
"""
try:
res_type, res_id = encryption.decrypt(id_sec)
except ValueError:
return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, '用户ID无效')
if res_type == encryption.RTYPE_STUDENT:
if not user_service.has_access(res_id, g.username)[0]:
return generate_error_response(None, api_helpers.STATUS_CODE_PERMISSION_DENIED, '无权访问该用户课表')
student = entity_service.get_student_timetable(res_id, semester)
if not student:
return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, '学生不存在')
token = calendar_service.get_calendar_token(resource_type=res_type,
identifier=student.student_id,
semester=semester)
else:
teacher = entity_service.get_teacher_timetable(res_id, semester)
if not teacher:
return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, '教师不存在')
token = calendar_service.get_calendar_token(resource_type=res_type,
identifier=teacher.teacher_id,
semester=semester)
ics_url = url_for('calendar.ics_download', calendar_token=token, _external=True)
ics_webcal = ics_url.replace('https', 'webcal').replace('http', 'webcal')
return generate_success_response({'token': token,
'ics_url': ics_url,
'ics_url_webcal': ics_webcal})
def test_decrypt(self):
from everyclass.server.utils.encryption import decrypt
for tp, data, encrypted in self.cases:
self.assertTrue(
decrypt(encrypted, encryption_key=self.key, resource_type=tp)
== (tp, data))